Vulnerabilities

With the aim of informing, warning and helping professionals with the latest security vulnerabilities in technology systems, we have made a database available for users interested in this information, which is in Spanish and includes all of the latest documented and recognised vulnerabilities.

This repository, with over 75,000 registers, is based on the information from the NVD (National Vulnerability Database) – by virtue of a partnership agreement – through which INCIBE translates the included information into Spanish.

On occasions this list will show vulnerabilities that have still not been translated, as they are added while the INCIBE team is still carrying out the translation process. The CVE (Common Vulnerabilities and Exposures) Standard for Information Security Vulnerability Names is used with the aim to support the exchange of information between different tools and databases.

All vulnerabilities collected are linked to different information sources, as well as available patches or solutions provided by manufacturers and developers. It is possible to carry out advanced searches, as there is the option to select different criteria to narrow down the results, some examples being vulnerability types, manufacturers and impact levels, among others.

Through RSS feeds or Newsletters we can be informed daily about the latest vulnerabilities added to the repository. Below there is a list, updated daily, where you can discover the latest vulnerabilities.

CVE-2019-3666

Publication date:

03/12/2019

API Abuse/Misuse vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to navigate to restricted websites via a carefully crafted web site.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2019-3665

Publication date:

03/12/2019

Code Injection vulnerability in the web interface in McAfee Web Advisor (WA) prior to 4.1.1.48 allows remote unauthenticated attacker to allow the browser to render a website which Web Advisor would normally have blocked via a carefully crafted web site.

Severity CVSS v4.0: Pending analysis

Last modification:

07/11/2023

CVE-2019-19516

Publication date:

02/12/2019

Intelbras WRN 150 1.0.18 devices allow CSRF via GO=system_password.asp to the goform/SysToolChangePwd URI to change a password.

Severity CVSS v4.0: Pending analysis

Last modification:

13/12/2019

CVE-2019-19316

Publication date:

02/12/2019

When using the Azure backend with a shared access signature (SAS), Terraform versions prior to 0.12.17 may transmit the token and state snapshot using cleartext HTTP.

Severity CVSS v4.0: Pending analysis

Last modification:

21/07/2021

CVE-2019-15689

Publication date:

02/12/2019

Kaspersky Secure Connection, Kaspersky Internet Security, Kaspersky Total Security, Kaspersky Security Cloud prior to version 2020 patch E have bug that allows a local user to execute arbitrary code via execution compromised file placed by an attacker with administrator rights. No privilege escalation. Possible whitelisting bypass some of the security products

Severity CVSS v4.0: Pending analysis

Last modification:

18/12/2019

CVE-2012-5562

Publication date:

02/12/2019

A flaw was found in rhn-proxy. This vulnerability may allow the rhn-proxy to transmit user credentials in clear-text when it accesses RHN Satellite. This could lead to information disclosure, where sensitive authentication details are exposed to unauthorized parties.

Severity CVSS v4.0: Pending analysis

Last modification:

09/04/2026

CVE-2014-9356

Publication date:

02/12/2019

Path traversal vulnerability in Docker before 1.3.3 allows remote attackers to write to arbitrary files and bypass a container protection mechanism via a full pathname in a symlink in an (1) image or (2) build in a Dockerfile.

Severity CVSS v4.0: Pending analysis

Last modification:

11/12/2019